KeePass Exploit Allows Attackers to Recover Master Passwords from Memory


A proof-of-concept (PoC) has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim’s master password in cleartext under specific circumstances.

The issue, tracked as CVE-2023-32784, impacts KeePass versions 2.x for Windows, Linux, and macOS, and is expected to be patched in version 2.54, which is likely to be released early next month.

“Apart from the first password character, it is mostly able to recover the password in plaintext,” security researcher “vdhoney,” who discovered the flaw and devised a PoC, said. “No code execution on the target system is required, just a memory dump.”

“It doesn’t matter where the memory comes from,” the researcher added, stating, “it doesn’t matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it’s been since then.”

Read more…